ci: changeset-preview

[lachlancollins]

🎯 Changes

Source: TanStack/router#6937

✅ Checklist

• I have followed the steps in the Contributing guide.
• I have tested this code locally with pnpm test:pr.

🚀 Release Impact

• This change affects published code, and I have generated a changeset.
• This change is docs/CI/dev-only (no release).

Summary by CodeRabbit

• New Features
  • Added automated changeset preview that displays projected package version bumps in pull requests when changesets are modified.
  • Preview automatically posts as a PR comment, showing direct and dependency-related version changes in an easy-to-read format.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 50fe3d7

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8cc32ef3-c509-4805-9216-177b8f8126df

📥 Commits

Reviewing files that changed from the base of the PR and between 66f5229 and 50fe3d7.

📒 Files selected for processing (1)

• .github/changeset-preview/preview-changeset-versions.mjs

---

📝 Walkthrough

Walkthrough

Introduces a new GitHub Actions workflow that automatically generates and publishes a changeset version impact preview on pull requests. The system comprises a composite action, a version bump preview script, and a PR comment management script that together detect changesets, calculate version changes, and report them as comments.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow & Composite Action .github/workflows/changeset-preview.yml, .github/changeset-preview/action.yml	Defines a new workflow triggered on .changeset/** file changes. The composite action orchestrates two sequential steps: previewing version bumps and posting/updating a PR comment with the results.
Changeset Version Preview Script .github/changeset-preview/preview-changeset-versions.mjs	Node.js script that snapshots package versions, collects changeset entries, applies version changes via pnpm, and generates a markdown summary table distinguishing direct bumps from dependency-induced bumps with collapsible sections.
PR Comment Upsert Script .github/changeset-preview/upsert-pr-comment.mjs	Node.js CLI script that reads a markdown body file, validates required arguments, and uses GitHub API to create or update PR comments with proper pagination and error handling.

Sequence Diagram

sequenceDiagram
    participant GHA as GitHub Actions Workflow
    participant CA as Composite Action
    participant PV as Preview Script
    participant FS as File System
    participant GH as GitHub API
    participant UC as Upsert Comment Script

    GHA->>CA: Trigger on .changeset/** change
    CA->>PV: Execute preview-changeset-versions.mjs
    PV->>FS: Read current package versions
    PV->>FS: Read .changeset/*.md entries
    PV->>FS: Snapshot versions
    PV->>FS: Temporarily modify .changeset/config.json
    PV->>FS: Run pnpm changeset version
    PV->>FS: Restore .changeset/config.json
    PV->>FS: Read updated versions
    PV->>FS: Write markdown preview to /tmp/changeset-preview.md
    CA->>UC: Execute upsert-pr-comment.mjs
    UC->>FS: Read /tmp/changeset-preview.md
    UC->>GH: Fetch existing PR comments (paginated)
    alt Comment exists
        UC->>GH: PATCH update existing comment
    else Comment not found
        UC->>GH: POST create new comment
    end
    GH-->>UC: Comment created/updated

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 Behold! A changeset preview born,
Three scripts dance in workflows worn,
Versions bumped and comments posted,
No more surprises—futures roasted! ✨

🚥 Pre-merge checks | ❌ 3

❌ Failed checks (2 warnings, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is entirely empty—it contains only the template structure with all sections unfilled and all checklist items unchecked, providing no actual information about the changes made.	Fill in the description with details about what was added (changeset preview workflow, scripts, and actions), the motivation, and check off applicable checklist items.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'WIP: changeset-preview' is vague and uses the WIP (work-in-progress) prefix, which doesn't clearly convey the actual implementation details of the changeset preview feature being added.	Replace with a more descriptive title that captures the main change, such as 'Add changeset preview GitHub Actions workflow' or 'Implement changeset preview automation'.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch changeset-preview

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 50fe3d7

Command	Status	Duration	Result
nx run-many --target=build	✅ Succeeded	<1s	View ↗
nx affected --targets=test:sherif,test:docs,tes...	✅ Succeeded	<1s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-03-17 02:01:02 UTC

[pkg-pr-new]

npm i https://pkg.pr.new/@tanstack/eslint-config@356

npm i https://pkg.pr.new/@tanstack/publish-config@356

npm i https://pkg.pr.new/@tanstack/typedoc-config@356

npm i https://pkg.pr.new/@tanstack/vite-config@356

commit: 50fe3d7

[github-actions]

Changeset Version Preview

1 package(s) bumped directly, 0 bumped as dependents.

Direct bumps

Package	Bump	Version
@tanstack/publish-config	minor	0.2.2 → 0.3.0

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (2)

.github/changeset-preview/upsert-pr-comment.mjs (1)

7-7: Update default marker to match the changeset preview use case.

The default marker <!-- bundle-size-benchmark --> appears to be a remnant from another tool. While it's overridden via --marker in the action, updating the default would improve clarity and serve as a better fallback.

Proposed fix

-const DEFAULT_MARKER = '<!-- bundle-size-benchmark -->'
+const DEFAULT_MARKER = '<!-- changeset-version-preview -->'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/changeset-preview/upsert-pr-comment.mjs at line 7, The
DEFAULT_MARKER constant currently uses an unrelated marker ('<!--
bundle-size-benchmark -->'); update the DEFAULT_MARKER value to a marker that
reflects the changeset preview upsert-pr use case (e.g., '<!-- changeset-preview
-->' or similar) so the fallback matches intent; modify the DEFAULT_MARKER
declaration in the file where DEFAULT_MARKER is defined to the new marker string
and ensure any references to DEFAULT_MARKER continue to work unchanged.

.github/changeset-preview/action.yml (1)

1-18: Consider adding guard for non-PR events.

The action assumes github.event.number is available, which is only true for pull_request events. If this action is accidentally invoked from a non-PR context (e.g., push), it will pass an empty --pr argument.

Since this is a private action used only by the changeset-preview workflow (which correctly triggers on pull_request), this is low risk, but a guard or clearer documentation could help prevent future misuse.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/changeset-preview/action.yml around lines 1 - 18, The "Post PR
comment" step assumes github.event.number exists and will pass an empty --pr to
upsert-pr-comment.mjs; add a guard so the step only runs for pull_request events
(e.g., add an if: condition on the "Post PR comment" step like if:
github.event_name == 'pull_request' && github.event.number) or modify the run
script to check for presence of github.event.number before invoking
upsert-pr-comment.mjs and exit with a clear message; reference the "Post PR
comment" step and the --pr "${{ github.event.number }}" usage as the locations
to change.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.changeset/big-cases-greet.md:
- Around line 1-5: Remove the test changeset file that only contains "Test
change" for '@tanstack/publish-config' before merging: delete the
.changeset/big-cases-greet.md file (or replace its contents with a proper,
intentional changeset if this is a real release), ensuring no stray test
changeset remains in the PR.

In @.github/changeset-preview/preview-changeset-versions.mjs:
- Around line 21-22: Remove the debug console.log by deleting the
console.log(ROOT) statement in
.github/changeset-preview/preview-changeset-versions.mjs; keep the const ROOT =
resolve(import.meta.dirname, '..', '..') line intact and ensure no other stray
console.debug/console.log calls remain in this module (look for any references
to ROOT or debug logging in this file).

In @.github/changeset-preview/upsert-pr-comment.mjs:
- Around line 24-33: The args object currently sets repo using
process.env.GITHUB_REPOSITORY which mismatches the action.yml env name
REPOSITORY; update the repo assignment in the args construction (the repo
property in the args object) to prefer values.repo, then
process.env.GITHUB_REPOSITORY, and also fallback to process.env.REPOSITORY (or
vice versa) so the script accepts the explicitly-passed REPOSITORY env from
action.yml; keep the existing DEFAULT_MARKER/token/api-url logic intact and only
modify the repo lookup in this file.

In @.github/workflows/changeset-preview.yml:
- Around line 21-22: The workflow step named "Checkout" currently pins uses to
actions/checkout@v6.0.1; update that value to either actions/checkout@v6.0.2 or
actions/checkout@v6 to follow the latest v6.x releases. Locate the "Checkout"
step in the changeset-preview workflow and replace the uses reference
accordingly, keeping the step name and other keys unchanged.

---

Nitpick comments:
In @.github/changeset-preview/action.yml:
- Around line 1-18: The "Post PR comment" step assumes github.event.number
exists and will pass an empty --pr to upsert-pr-comment.mjs; add a guard so the
step only runs for pull_request events (e.g., add an if: condition on the "Post
PR comment" step like if: github.event_name == 'pull_request' &&
github.event.number) or modify the run script to check for presence of
github.event.number before invoking upsert-pr-comment.mjs and exit with a clear
message; reference the "Post PR comment" step and the --pr "${{
github.event.number }}" usage as the locations to change.

In @.github/changeset-preview/upsert-pr-comment.mjs:
- Line 7: The DEFAULT_MARKER constant currently uses an unrelated marker ('<!--
bundle-size-benchmark -->'); update the DEFAULT_MARKER value to a marker that
reflects the changeset preview upsert-pr use case (e.g., '<!-- changeset-preview
-->' or similar) so the fallback matches intent; modify the DEFAULT_MARKER
declaration in the file where DEFAULT_MARKER is defined to the new marker string
and ensure any references to DEFAULT_MARKER continue to work unchanged.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: bf466223-c987-485c-b89a-6e1e041fb172

📥 Commits

Reviewing files that changed from the base of the PR and between 972e400 and 66f5229.

📒 Files selected for processing (5)

• .changeset/big-cases-greet.md
• .github/changeset-preview/action.yml
• .github/changeset-preview/preview-changeset-versions.mjs
• .github/changeset-preview/upsert-pr-comment.mjs
• .github/workflows/changeset-preview.yml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Environment variable mismatch: REPOSITORY vs GITHUB_REPOSITORY.

The action.yml sets REPOSITORY: ${{ github.repository }} but this script reads process.env.GITHUB_REPOSITORY. While this works because GitHub Actions automatically provides GITHUB_REPOSITORY, the explicit env var in action.yml is unused and misleading.

Either update action.yml to use the standard GITHUB_REPOSITORY name, or update this script to also check REPOSITORY:

Option 1: Fix in action.yml

       env:
-        REPOSITORY: ${{ github.repository }}
+        GITHUB_REPOSITORY: ${{ github.repository }}
         GH_TOKEN: ${{ github.token }}

Option 2: Fix in this script

-    repo: values.repo ?? process.env.GITHUB_REPOSITORY,
+    repo: values.repo ?? process.env.GITHUB_REPOSITORY ?? process.env.REPOSITORY,

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const args = {
	pr: values.pr ? Number.parseInt(values.pr, 10) : undefined,
	bodyFile: values['body-file'],
	repo: values.repo ?? process.env.GITHUB_REPOSITORY,
	marker: values.marker ?? DEFAULT_MARKER,
	token: values.token ?? (process.env.GITHUB_TOKEN || process.env.GH_TOKEN),
	apiUrl:
	values['api-url'] ??
	(process.env.GITHUB_API_URL || 'https://api.github.com'),
	}
	const args = {
	pr: values.pr ? Number.parseInt(values.pr, 10) : undefined,
	bodyFile: values['body-file'],
	repo: values.repo ?? process.env.GITHUB_REPOSITORY ?? process.env.REPOSITORY,
	marker: values.marker ?? DEFAULT_MARKER,
	token: values.token ?? (process.env.GITHUB_TOKEN || process.env.GH_TOKEN),
	apiUrl:
	values['api-url'] ??
	(process.env.GITHUB_API_URL || 'https://api.github.com'),
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/changeset-preview/upsert-pr-comment.mjs around lines 24 - 33, The
args object currently sets repo using process.env.GITHUB_REPOSITORY which
mismatches the action.yml env name REPOSITORY; update the repo assignment in the
args construction (the repo property in the args object) to prefer values.repo,
then process.env.GITHUB_REPOSITORY, and also fallback to process.env.REPOSITORY
(or vice versa) so the script accepts the explicitly-passed REPOSITORY env from
action.yml; keep the existing DEFAULT_MARKER/token/api-url logic intact and only
modify the repo lookup in this file.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

actions/checkout latest version 2026

💡 Result:

As of March 17, 2026, the latest stable release of actions/checkout is v6.0.2 (released Jan 9, 2026). [1]

Use either:

• uses: actions/checkout@v6 (tracks latest v6.x), or
• uses: actions/checkout@v6.0.2 (pins the exact release). [1][2]

Sources
[1] https://github.com/actions/checkout/releases
[2] https://github.com/actions/checkout

---

Update actions/checkout to v6.0.2 or use the v6 tag for automatic updates.

The version v6.0.1 is valid but outdated. As of March 2026, the latest stable version is v6.0.2 (released January 9, 2026). Consider updating to v6.0.2 or using actions/checkout@v6 to automatically track the latest v6.x release.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/changeset-preview.yml around lines 21 - 22, The workflow
step named "Checkout" currently pins uses to actions/checkout@v6.0.1; update
that value to either actions/checkout@v6.0.2 or actions/checkout@v6 to follow
the latest v6.x releases. Locate the "Checkout" step in the changeset-preview
workflow and replace the uses reference accordingly, keeping the step name and
other keys unchanged.